Exam Details

  • Exam Code: 210-250
  • Exam Name: Cisco Cybersecurity Fundamentals
  • Certification: Cisco Certifications
  • Vendor: Cisco
  • Total Questions: 1157 Q&As
  • Last Updated: Nov 03, 2022

Cisco 210-250 Questions & Answers

  • Question 651:

    Which two statements are true about application logs? (Choose two.)

    A. On a Windows system, the Windows Registry is where most of the application logs are stored.

    B. Application logs can provide analysts with detailed information about users' application usage.

    C. Application logs only track the time and date an application was used.

    D. Application logs can be correlated with other time synchronized logs in forensic analysis of an attack.

  • Question 652:

    Which two statements are true about packet captures and packet capturing utilities? (Choose two.)

    A. Packet captures can record transactions between specific hosts on a network and be played back later for deep packet analysis.

    B. Most packet capturing tools are cumbersome and difficult to configure.

    C. Packet captures can provide information about hidden content that may be inside a packet.

    D. Because packet captures are relatively useless unless entire untruncated packets are captured, maximum packet length is not a configurable option in packet capture utilities.

  • Question 653:

    Which statement is true about a SIEM system?

    A. A SIEM can identify when anomalous behavior patterns are exceeding a threshold.

    B. A SIEM can detect when specific transactions occur that may be violating a policy.

    C. A SIEM cannot perform logical correlation of events as efficiently as a human can.

    D. A SIEM never needs to be tuned.

  • Question 654:

    What are two data items that an analyst can learn about a data exfiltration alarm by using Cisco Stealthwatch? (Choose two.)

    A. application or protocol that is used to transfer the data

    B. IP address to which data was sent

    C. names of files that were transferred

    D. the signature that triggered the alarm

  • Question 655:

    What does the syslog on a Cisco ASA firewall offer a security analyst?

    A. time-stamped record of domain user log in history

    B. time-stamped record of transaction and alert history

    C. time-stamped record of file transfers from within the network

    D. time-stamped record of protocol violations

  • Question 656:

    Which three statements indicate why an email proxy log would be important to a security analyst? (Choose three.)

    A. Modern email proxies compile and log per-sender behavior statistics.

    B. Most typical email proxies log outgoing emails containing sensitive confidential content that is detected by their DLP function.

    C. Most email proxies perform log filtering so that false positives are kept to a minimum.

    D. Email proxies such as Cisco ESA have the capability to identify malware attachments, drop them, and log the drop action.

    E. Most email proxies decrypt traffic so that it can be inspected.

    F. Email proxy logs contain historical information such as sender and receiver entries that can be used to track phishing attacks.

  • Question 657:

    Which three of the following best describe how a SIEM should be used? (Choose three.)

    A. anomaly detection

    B. data correlation

    C. automated reporting

    D. malware reverse engineering

    E. sandboxing
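
    Questions 651, 655 and 657 turn on the same practical point: a firewall syslog record and an application log entry can only be correlated when both carry time stamps from a common clock. The Python below is added here as an illustration and is not part of the exam material or of any Cisco product. It parses a few constructed ASA-style syslog lines (the "%ASA-severity-message-id" format with the date prefix produced by "logging timestamp"; hosts, connection numbers and the access-group name are hypothetical) and a constructed application log in an invented format, pairs each access-list deny with application events on the same inside host within a 30-second window, and then shows that a five-minute clock skew on the application host makes the same correlation return nothing. The function and constant names are the example's own.

```python
import re
from datetime import datetime, timedelta

# Constructed ASA-style syslog lines (hypothetical hosts and values, not from a real device).
# Assumed format: "Mon DD YYYY HH:MM:SS: %ASA-<severity>-<message id>: <text>", i.e. the
# output of an ASA with "logging timestamp" enabled. Message IDs used: 302013/302014
# (TCP connection built/torn down) and 106023 (denied by access list).
ASA_LOG = """\
Nov 03 2022 14:22:01: %ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.1.1.20/51234 (198.51.100.2/51234)
Nov 03 2022 14:22:07: %ASA-4-106023: Deny tcp src inside:10.1.1.20/51240 dst outside:203.0.113.9/4444 by access-group "INSIDE_OUT" [0x0, 0x0]
Nov 03 2022 14:22:08: %ASA-4-106023: Deny tcp src inside:10.1.1.20/51241 dst outside:203.0.113.9/4444 by access-group "INSIDE_OUT" [0x0, 0x0]
Nov 03 2022 14:30:00: %ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.5/443 to inside:10.1.1.20/51234 duration 0:07:59 bytes 8812 TCP FINs
"""

# Constructed application log in an invented format: ISO time stamp, user, host, action.
APP_LOG = """\
2022-11-03T14:21:58 alice 10.1.1.20 LOGIN ok
2022-11-03T14:22:05 alice 10.1.1.20 RUN powershell.exe
2022-11-03T14:45:10 bob 10.1.1.31 LOGIN ok
"""

ASA_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<msg>.*)$"
)
INSIDE_RE = re.compile(r"inside:(\d{1,3}(?:\.\d{1,3}){3})")


def parse_asa(text):
    """Parse ASA syslog lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = ASA_RE.match(line)
        if not m:
            continue
        host = INSIDE_RE.search(m["msg"])
        events.append({
            "ts": datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"),
            "severity": int(m["sev"]),
            "id": m["id"],
            "inside_host": host.group(1) if host else None,
            "msg": m["msg"],
        })
    return events


def parse_app(text, clock_offset=timedelta(0)):
    """Parse the application log. clock_offset is added to every time stamp so an
    analyst can compensate for a source whose clock is known to be skewed."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue
        events.append({
            "ts": datetime.fromisoformat(parts[0]) + clock_offset,
            "user": parts[1],
            "host": parts[2],
            "action": parts[3],
        })
    return events


def correlate(asa_events, app_events, window=timedelta(seconds=30)):
    """Pair each access-list deny (106023) with application events on the same
    inside host whose time stamp lies within +/- window of the deny."""
    hits = []
    for fw in asa_events:
        if fw["id"] != "106023":
            continue
        for app in app_events:
            if app["host"] == fw["inside_host"] and abs(app["ts"] - fw["ts"]) <= window:
                hits.append((fw["ts"].isoformat(), app["user"], app["action"],
                             fw["msg"].split(" by ")[0]))
    return hits


def demo(skew_seconds=0):
    """Correlate the two constructed logs with the application clock shifted by skew_seconds."""
    return correlate(parse_asa(ASA_LOG), parse_app(APP_LOG, timedelta(seconds=skew_seconds)))


if __name__ == "__main__":
    print("synchronized clocks:")
    for hit in demo():
        print("  ", hit)
    # Same logs, application host clock five minutes off: nothing correlates.
    print("application clock skewed by 5 min:", demo(300))
```

    With synchronized clocks the two denies toward 203.0.113.9:4444 line up with alice's logon and her launch of powershell.exe on 10.1.1.20; shift the application host's clock by five minutes and the same window finds nothing, which is why NTP on every log source belongs in the checklist before any SIEM correlation rule is written.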

  • Question 658:

    What is one result of placing an IPS on the trusted (inside) segment of a firewall?

    A. The IPS can provide raw data that can be correlated with other network security monitoring devices.

    B. The IPS generates more alerts.

    C. The IPS can detect new forms of attacks.

    D. The IPS catches attacks before they hit the firewall.

    E. The IPS alerts include real IP addresses rather than NATed addresses.

  • Question 659:

    Which three of the following statements are true about network behavior anomaly detection? (Choose three.)

    A. It can enable an analyst to quickly track down malicious activities on the network by identifying abnormal network traffic conditions.

    B. It requires very little computational overhead.

    C. It works effectively as long as the baseline covers a 24-hour period.

    D. It works by comparing a known state of normal traffic to current traffic flows.

    E. Its validity and usefulness can be impaired if the size of the sliding window is not set appropriately.

    F. It works by searching network traffic for a series of bytes or packet sequences that are known to be malicious.
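
    Options D and E of Question 659 describe the mechanism behind network behavior anomaly detection: a baseline of normal traffic compared against current flows, whose usefulness depends on how the sliding window is sized. The Python below is an added illustration, not part of the exam material or of any vendor product. It runs a simple z-score detector over constructed per-minute byte counts for one host (twelve intervals of normal traffic followed by a slow ramp standing in for low-and-slow exfiltration; all values are hypothetical) and shows the failure mode: with a short window and a naive baseline, the attacker's own traffic becomes "normal" after two intervals and alerting stops while the exfiltration continues, whereas a longer window, or refusing to feed flagged intervals back into the baseline, keeps alerting. The function name detect and the constants are the example's own.

```python
from statistics import mean, pstdev

# Constructed per-minute byte counts (KB) for one internal host: twelve intervals
# of normal traffic alternating between 100 and 110, then a slow ramp that stands
# in for a low-and-slow exfiltration. Hypothetical values.
NORMAL = [100, 110] * 6
RAMP = [140, 180, 220, 260, 300, 340]
SERIES = NORMAL + RAMP


def detect(series, window, z_threshold=3.0, min_std=1.0, exclude_flagged=False):
    """Sliding-window anomaly detection over a series of per-interval counts.

    For each interval the baseline is the mean and population standard deviation
    of the previous `window` intervals; the interval is flagged when its z-score
    exceeds z_threshold. With exclude_flagged=True, flagged intervals are not
    fed back into the baseline, so an ongoing attack cannot redefine "normal".
    Returns the list of flagged interval indices.
    """
    alerts = []
    baseline = []  # values currently treated as normal traffic
    for i, value in enumerate(series):
        if len(baseline) >= window:  # warm-up: nothing is judged until the window is full
            base = baseline[-window:]
            mu = mean(base)
            sigma = max(pstdev(base), min_std)  # floor avoids division by ~0 on flat traffic
            if (value - mu) / sigma > z_threshold:
                alerts.append(i)
                if exclude_flagged:
                    continue
        baseline.append(value)
    return alerts


if __name__ == "__main__":
    print("ramp starts at interval", len(NORMAL))
    print("window=4,  naive baseline:      ", detect(SERIES, window=4))
    print("window=12, naive baseline:      ", detect(SERIES, window=12))
    print("window=4,  flagged excluded:    ", detect(SERIES, window=4, exclude_flagged=True))
```

    The ramp begins at interval 12. With a window of 4 and a naive baseline only intervals 12 and 13 are flagged; by interval 14 the ramp values dominate the window and the z-score falls under the threshold even though traffic keeps climbing. A window of 12 flags intervals 12 through 16 before the same thing happens, and excluding flagged intervals from the baseline flags every ramp interval. Tuning the window (and deciding what is allowed into the baseline) is the operational side of option E.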

  • Question 660:

    Which three statements are true about company data and data loss? (Choose three.)

    A. Cloud storage helps prevent data loss.

    B. Disgruntled employees are often sources of data leakage.

    C. Company data is at a serious security risk today because data is more available and accessible than ever before.

    D. Most companies fail to institute security policies that address data security.

    E. Most companies fail to train employees about the risk of data loss.

    F. One of the quickest ways to determine whether internal users may be involved in data loss is by viewing any alarms that the users have triggered.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when you apply for a job. But how do you prepare for an exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only Cisco exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your 210-250 exam preparation or your Cisco certification application, do not hesitate to visit Vcedump.com to find your solutions.